SAS & MBAM label same registry entry as malware?

I have encountered an unusual possible malware situation which is most probably a false positive. A routine MBAM scan on a relative’s (Vista) laptop showed a ‘Rogue Installer’ in the registry. A similar scan with SAS claimed that the same registry file was a trojan. I didn’t quarantine either as I am only too aware that both SAS and MBAM have a tendency to claim that perfectly benign files are hostile and I didn’t want to risk bricking the machine (I’ve been through this before with MBAM on the same machine).

I then proceeded to do a complete scan (8 hrs) with Panda Free, which found nothing. Next I scanned with Bitdefender online, F-Secure online, Kaspersky Security Scan and the Microsoft Safety Scanner, all of which discovered nothing. Finally I did a Panda quick scan which inevitably also found nothing.

The only thing that I can think of that might be causing this almost certain false positive is that when I originally examined my relative’s laptop I employed a USB mouse originally from a ‘Tech Air 15.6-Inch Laptop Case with Shoulder Strap and Optical USB 2 Button Mouse’ I purchased six months ago. The mouse had never been used in the laptop before and had to install drivers as is normally the case. Previously the mouse had only ever been used on computers running Ubuntu. I’m guessing that MBAM and SAS may be falsely detecting those drivers as malware.

SUPERAntiSpyware told me that they would try to fix this in database version 12018, although SAS still labels this as a trojan and MBAM still labels it as a rogue installer. It's also suspiciously similar to this, which I reported in March this year:

> I have encountered an unusual possible malware situation which is most probably a false positive. A routine MBAM scan on a relative’s (Vista) laptop showed a ‘Rogue Installer’ in the registry. A similar scan with SAS claimed that the same registry file was a trojan. I didn’t quarantine either as I am only too aware that both SAS and MBAM have a tendency to claim that perfectly benign files are hostile and I didn’t want to risk bricking the machine (I’ve been through this before with MBAM on the same machine).
>
> I then proceeded to do a complete scan (8 hrs) with Panda Free, which found nothing. Next I scanned with Bitdefender online, F-Secure online, Kaspersky Security Scan and the Microsoft Safety Scanner, all of which discovered nothing. Finally I did a Panda quick scan which inevitably also found nothing.
>
> The only thing that I can think of that might be causing this almost certain false positive is that when I originally examined my relative’s laptop I employed a USB mouse originally from a ‘Tech Air 15.6-Inch Laptop Case with Shoulder Strap and Optical USB 2 Button Mouse’ I purchased six months ago. The mouse had never been used in the laptop before and had to install drivers as is normally the case. Previously the mouse had only ever been used on computers running Ubuntu. I’m guessing that MBAM and SAS may be falsely detecting those drivers as malware.

I'm a long-term user of MBAM as my first-choice malware scanner, and to a much lesser degree, SAS as a "second-line" option, which I've only ever found useful for rooting out tracking cookies which MBAM either doesn't find, or doesn't rate as a threat.

I can't remember when I had FP issues with either of them and personally, I'd really be looking at the drivers you mentioned as the culprits in your case.

I regularly check the MBAM forum, but I've never looked at the SAS forum before now ... and I just noticed your avatar ... ha!

> I'm a long-term user of MBAM as my first-choice malware scanner, and to a much lesser degree, SAS as a "second-line" option, which I've only ever found useful for rooting out tracking cookies which MBAM either doesn't find, or doesn't rate as a threat.

SAS did find a trojan once on my old laptop back in 2008. I started to use MBAM around then, although as a whole I tend to agree with you that MBAM is the more efficacious of the two.

> I can't remember when I had FP issues with either of them and personally, I'd really be looking at the drivers you mentioned as the culprits in your case.

I've had a few FPs with them over the years on various machines. As long as you check anything they flag first on their respective forums before quarantining or deleting, you should be OK. That particular driver has been flagged before; it's probably a Vista thing.

> I regularly check the MBAM forum, but I've never looked at the SAS forum before now ... and I just noticed your avatar ... ha!

I was a member of the MBAM forums a while ago, I think I have forgotten my password though lol. I've had that SAS yin/yang avatar for as long as I've been a member of their forum, I'm sure it was originally animated.